If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

First off, you might want to consider deleting your post. There are a lot of people on here that will neg you for asking how to hack something.

Second, I think you are SOL. Depending on what version of windows encrypted the file the type of encryption used will change. XP SP1 and newer along with Win2003 use AES. There is no known hack to AES. You can bruteforce it, but you will be at it for awhile.

Originally posted here by hunterhunter Why would I get flamed for trying to broaden my skillsets? Cracking my own file would be a legitimate option for me. Nothing illegal, nothing taboo.

Thanks for the advice, any and all others are appreciated.

regards

well to answer the first question, because we don't /know/ it is your file? You are a new poster, you have no background with this site and we only have your word that it is "legit" to go off of. I'm not going to flame or neg you, but don't be suprised if someone else does.

Anyway on to the original question, I don't know of any way to crack an EFS file other than a bruteforce (which was already mentioned)... and that is going to take hardware and a lot of time. The administrator should be a key agent though, so that account should be able to see the information.

Give a man a match and he will be warm for a while, light him on fire and he will be warm for the rest of his life.

I seriously suggest you delete this point as advised above... There are some people who will neg you for posting sh*t like that. If you want to learn and broaden your skill sets check out AO's tutorial section. I wont neg you this time but now you know.

BR, that only works if you have the valid key to unencrypt the file. To successfully recover an EFS file you need to have the original private key, a recovery agent that is still valid meaning either a domain admin account from the domain that you were a member of when the file was encrypted(and still a member of that domain) or the local administrator account if it was part of a workgroup.

In this case as their is no recovery information, and all they have is the file, there is no way to recover the data in the file other than a brute force attack.

As a best practice if you are using EFS you should create a backup of your private key and store that in a safe location. Or in corporate world, make sure that you have created a process by which your users can request a recovery agent to unencrypt their files.

Bruteforcing AES encryption is going to be pretty much impossible for someone that doesn't even know where to begin.

well..

Unfortunately my friend formatted his hard disk. He did not save the recovery key. Also, the administrator account that would be able to see the data was on that disk that we wiped. I might try some third party EFS recovery software. I doubt it will work though, probably because it requires the originating system to still be intact.